In the last two weeks, cyber attacks and data breaches have been reported by companies such as Optus (an Australian phone company), Uber, Revolut, Rockstar Games and IHG (the owners of Holiday Inn, Intercontinental, Crowne Plaza and other hotel brands).
This avalanche of announcements by large enterprises tells us two things. The first is that companies are investing more to identify and address cyber threats, and therefore know they are being compromised. The second is that mandatory reporting legislation in many countries is starting to work.
Government statistics in Australia highlight the scale of the problem. In 2020-21, the Australian Cyber Security Centre, an Australian Government agency, received some 67,500 reports of cybercrime. Another government agency, the Office of the Australian Information Commissioner, received some 975 mandatory reports under the Notifiable Data Breach scheme in the same period.
So what does this mean for you as an individual? Read on for our assessment.
At Trust Panda, our team of experts work with many enterprise customers to secure their identity and access to their core platforms. As an individual you don’t have the multi-million-dollar budgets of a global company but there is a range of actions you can take to protect your data online and reduce the impact of a data breach.
We’ve assembled our top tips for staying safe online and managing your personal cyber risk.
Step 1 – Get the Basics Right
Patch/Update your devices as soon as the manufacturer or software provider advises you to. This means checking Windows, Apple and Android devices for updates (and not putting it off). If your device is too old to update, then consider limiting the private information stored on the device. Where possible, enable Automatic Updates.
Activate Multi-Factor Authentication (sometimes called MFA, 2FA or 2 Step Authentication) on all your online accounts. Whilst our YubiKeys are a great tool to help you on this journey, check that they are supported by the applications you use before purchase.
Back up your Devices and Information to a secure (and separate) device. This means putting it on a drive that’s not connected to or synced from your computer. We call this “air gapped” because the backup device is separate and not connected to a device that might get compromised. You can find a range of encrypted storage devices here to consider.
Set Secure, Different, Complex Passwords for every single account, service and application you use. A password manager like 1Password could be helpful but isn’t absolutely necessary.
Watch out for Scams
Step 2 – Improving your Approach
Install a quality, paid Antivirus product like BitDefender, McAfee or Norton on all computers (including your Mac).
Use an AdBlocker in your browser like uBlock Origin.
Use a Password Manager like 1Password to create and securely store unique logins for every service you use.
Subscribe to the ACSC Alert Service (as part of the Australian Cyber Security Centre Home Partnership).
Step 3 – Manage Your Information / Be Diligent
Businesses often need you to supply information to deliver your online purchases, carry out an anti-fraud check or, as a result of government legislation, verify your identity to open an account. This is reasonable and necessary, but you should consider the business that you’re providing the information to before doing so:
Is the way they collect information secure? Check that the website you’re providing the information to has the padlock icon in your browser and the website address begins with https:// NOT http://. If you get a warning when you go to a known page, make sure you understand the warning if you choose to proceed.
Are they asking you to complete a Google Form, Microsoft Form or some other method? If so, do not provide banking details, personal identity documents or other payment information. These should be submitted through a secure portal or payment processor site rather than a public forms tool, the use of which indicates they are retaining the data and could be storing it in clear text for later use.
Making credit card payments over the phone? Make sure the store is entering your details into the payment processor system and not writing them down on a piece of paper.
Consider the purpose of the request. It makes sense that an online store would ask for your Name, Delivery Address, Email Address for your receipt and tracking details, and a phone number for the delivery driver. Except for very large online purchases, it’s not normal to request additional identification documents.
There are a number of resources that can assist you to stay safe: